In its first Patch Tuesday of the year, Microsoft released seven bulletins to fix at least eight vulnerabilities affecting all supported versions of Windows. The one bulletin you should not put off addresses flaws in Windows Media Player that would allow an attacker to execute code remotely.

It's bulletin MS12-004, which Microsoft gave its most severe rating, "critical." The patch fixes vulnerabilities that can be triggered when WMP plays a MIDI file or streams video. As ZDNet's Zero Day blog notes, Microsoft expects to see attempts to exploit these flaws within 30 days, "so it's important that Windows users treat MS12-004 with the utmost priority."

Also noteworthy is bulletin MS12-001 to prevent a "Security Feature Bypass," a brand new class of flaws. Andrew Storms, director of security operations for nCircle, said in a statement, "This somewhat mysterious category turned out to be related to binary code compiled with a version of the Microsoft C++ .NET compiler that did not have all the security protections enabled. This seems like it could be a cause for concern, but as of yet, there isn't any evidence that shows attackers are taking advantage of the loophole."

Wolfgang Kandek, CTO of Qualys, highlighted bulletin MS12-006, also known as the "BEAST patch":

"BEAST was first demonstrated at the September 2011 Ekoparty conference in Buenos Aires and is a crypto attack against SSL/TLS that allows the attacker to decode and eavesdrop on HTTPS sessions. If you did miss the MS11-100 release over the holidays, now is a good time to take the opportunity to bundle both together. Tools for triggering MS11-100 are actively being researched and are very simple to build, meaning that they will soon get added to the common DoS tools," Kandek said in a statement.

Also commenting on MS12-006, Rapid7's Marcus Carey pointed out that the patch for this SSL vulnerability had been pulled last month, reportedly because of compatibility problems with SAP software.

"Microsoft and SAP were able to resolve the issues, and deploy the update this month," Carey said in a statement. "This pulled patch last month emphasizes the point that organizations need to test patches for compatibility before patching. In the case with SAP they have access to test these patches before deployment. Smaller software providers might not have access to the patches before Microsoft releases them. Organizations should always test, then patch."